On Friday, Target said that debit-card PIN numbers were among the financial information stolen from millions of customers who shopped at the retailer earlier this month. The company says the PIN numbers were encrypted and that strongly reduces risk to customers.
In addition to the encrypted PINs, customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on back of the cards were stolen from about 40 million credit and debit cards used at Target between November 27 and December 15.
“The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” Molly Snyder, a spokeswoman from the company said in a statement. The announcement comes as federal lawsuits are beginning to trickle in from customers around the U.S. The Department of Justice said Friday that it is investigating the Target data breach. Target said that it’s cooperating with the DOJ’s probe.
However, Avivah Litan, a Gartner security analyst said Friday that the PINs for the affected cards are not safe and people “should change them at this point.”
Target has been trying to deal with fallout from the breach during what is typically the busiest shopping season of the year. By Monday evening, more than a dozen Target customers had filed federal lawsuits where some are accusing Target of negligence in failing to protect customer data.
Target has said that it told authorities and financial institutions once it became aware of the breach on December 15. They also issued an apology to customers and doubled the number of workers taking calls from customers around the clock. In addition, it offered 10 percent off to customers who wanted to shop in its stores on Saturday and Sunday and free credit-monitoring services to those who are affected by the issue. But there are early signs that some shoppers are scared off by the breach.
Before this incident, Target had a chance of at least a decent Christmas season. Now, it will be mediocre at best, according to Craig Johnson, president of Customer Growth Partners, a retail consultancy.
Target explained in Friday’s statement that its systems do not store PIN information and these numbers can only be decrypted by an external payment processor. “The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken,” the statement said.
My opinion would be for debit card users to change your PIN. It’s easy and takes very little time to do. If by some unimaginable chance that your PIN number was compromised along with your debit card information, changing to a new PIN would prohibit a future unauthorized user from being able to process a transaction without your new PIN.
To read my previous article on this incident, click here: https://fggam.org/up-to-40-million-creditdebit-cards-possibly-compromised-in-target-data-theft/
